Patricia Shanahan wrote:
I had to make a change in the key preferences to meet the release
signing requirements. I uploaded to a couple of servers, including MIT,
and waited a few days.
I can find mine here (note: you have to add "0x" for the search to succeed):
http://pgp.mit.edu/pks/lookup?search=0x8F0E4C63&op=vindex&fingerprint=on
But the same search for yours (the "new" one) fails:
http://pgp.mit.edu/pks/lookup?search=0x02703386&op=vindex&fingerprint=on
Is my GPG wrong in detecting a signature (from you) with Key ID 02703386?
Here are the full details in case this helps (my GPG is configured to
use the "long" fingerprint format, but I set it back to the default for
this test):
$ gpg --verify apache-openoffice-4.1.3-r1761381-src.tar.bz2.asc
apache-openoffice-4.1.3-r1761381-src.tar.bz2
gpg: Signature made Sat Oct 1 22:16:07 2016 CEST using RSA key ID 8F0E4C63
gpg: Good signature from "Andrea Pescetti (Release Signing Key)
<pesce...@apache.org>"
gpg: Signature made Wed Oct 5 05:03:35 2016 CEST using RSA key ID 02703386
gpg: Can't check signature: public key not found
$ gpg --keyserver pgpkeys.mit.edu --recv-key 0x8F0E4C63
(this is mine; it is retrieved, unchanged)
$ gpg --keyserver pgpkeys.mit.edu --recv-key 0xA57935C5
(this is your "old" one; works)
$ gpg --keyserver pgpkeys.mit.edu --recv-key 0x02703386
(this is your "new" one; I receive "key not found")
I didn't think we were supposed to update KEYS directly?
Yes. The KEYS file is described here:
https://www.apache.org/dev/release-signing.html#keys-policy
and as far as I know update is supposed to be manual.
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
